Scary Security Stats Roundup from 2020 : @VMblog

Article

Search:

Follow VMblog.com:

Improve end user experience in VDI, DaaS and physical endpoint environments

Scary Security Stats Roundup from 2020

Scary Security Stats 2020

Each year, cybersecurity companies publish a number of research reports focusing on different aspects of cybersecurity and breach trends. Below is a list of some of the most alarming statistics from several 2020 reports published by several different companies.

Kaspersky

Kaspersky research shows that, although small businesses are less inclined to provide their staff with company devices to work from home, only one third of employees (34%) have received instructions on how to securely work on personal laptops, tablets and smartphones during the COVID-19 pandemic. (Source: How COVID-19 changed the way people work)
In total, almost half of organizations (46%) face red tape delays that inhibit or delay implementation of industrial cybersecurity projects. The most common obstacles include the inability to stop production (34), and bureaucratic steps, such as a lengthy approval process (31%) and having too many decision-makers (23%). (Source: State of Industrial Cybersecurity in the Era of Digitalization)
Research from Kaspersky has found that 90% of respondents who have participated in Kaspersky's Adaptive Online Training course and selected a wrong answer have confidently evaluated their feelings toward the given response as "I know it" or "I think I know it." (Source: Kaspersky Adaptive Online Training Report)

Bitglass

61% of respondents reported at least one insider attack over the last 12 months (22% reported at least six separate attacks). (Source: Bitglass 2020 Insider Threat Report)
Most organizations cannot guarantee that they can detect insider threats stemming from personal devices (82%) or the cloud (50%), while 81% find it difficult to assess the impact of insider attacks. (Source: Bitglass 2020 Insider Threat Report)
41% of organizations have not taken any steps to expand secure access for the remote workforce. (Source: Bitglass 2020 Remote Work Report)
Despite BYOD fairly being embraced in the workforce, 51% of organizations lack any visibility into file sharing apps and 30% have no visibility or control over mobile enterprise messaging tools. (Source: Bitglass 2020 BYOD Report)

Bugcrowd

Hackers on the Bugcrowd platform prevented $8.9B of cybercrime in 2019 and are on track to prevent more than $55B of cybercrime by 2025. (Source: Bugcrowd's Inside the Mind of a Hacker Report)
78% of hackers said AI-powered cybersecurity solutions alone aren't enough to outmaneuver cyber attacks over the next decade. (Source: Bugcrowd's Inside the Mind of a Hacker Report)

Jumio

Globally, full-year fraud rates increased 28% in 2019 year-over-year (vs. 2018 levels) and 96% over 2017 levels. (Source: Jumio 2019 Holiday New Account Fraud Report)

LogRhythm

93% of security professionals lack the tools to detect known security threats, and 92% state they are still in need of the appropriate preventative solutions to close current security gaps. (Source: LogRhythm's State of the Security Team Report)
75% of security professionals now experience more work stress than just two years ago. (Source: LogRhythm's State of the Security Team Report)
When asked what causes the most work-related stress, the two most selected answers were not having enough time (41%) and working with executives (18%). In fact, 57% of respondents indicated their security program lacks proper executive support - defined as providing strategic vision, buy-in and budget. (Source: LogRhythm's State of the Security Team Report)

ForgeRock

The average cost of a data breach in the U.S. increased 112% from 2018 to $8.19M in 2019
Over 5.05B records were impacted in 2019, up 78.57% from 2018
2020 is on track to exceed 2019 in regards to the number of records breached

Over 1.6B records were impacted in Q1 2020 alone, showing that 2020 is on track to top the 5B records impacted over all of 2019
Compared to Q1 2019, the number of records impacted is up 9% from 1.4B, even though total breaches were down 57.79%

SSNs and DoBs were the most pilfered data in Q1 2020, accounting for 34% of all data stolen.
Healthcare was the most breached industry in Q1 2020, accounting for 51% of all breaches. As the healthcare industry continues to be plagued by COVID-19, they will continue to be a prime target for attackers.

(Source: ForgeRock's 2020 Consumer Identity Breach Report)

WatchGuard Technologies

Despite an 8% decrease in overall malware detections in Q2 2020, 70% of all attacks involved zero day malware (variants that circumvent antivirus signatures), which represents a 12% increase over the previous quarter. (Source: WatchGuard's Q2 2020 Internet Security Report)
Attacks sent over encrypted HTTPS connections accounted for 34% of the total detections in Q2 2020, so organizations that aren't able to inspect encrypted traffic will miss a massive one-third of incoming threats. (Source: WatchGuard's Q2 2020 Internet Security Report)

SolarWinds

94% of malware is delivered via email (Source: Data Breach Investigations Report, Verizon)
80%+ increase in phishing and malware attacks in March 2020 alone (Source: Email Security Education: Cybercriminals Capitalizing on Coronavirus and Work from Home Measures, SolarWinds MSP)
30% of spear-phishing campaigns succeed (Source: The Trends in Spear Phishing Attacks, Infosec)
1 business every 11 seconds: the predicted frequency a business will fall victim to a ransomware attack by 2021 (Source: Email Security Education: Cybercriminals Capitalizing on Coronavirus and Work from Home Measures, SolarWinds MSP)
$20 billion: the predicted cost of damages due to ransomware by 2021 (Source: The Trends in Spear Phishing Attacks, Infosec)
51% of people use only five passwords across accounts (Source: The 2019 State of Password and Authentication Security Behaviors Report, Ponemon and Yubico)

Devolutions

76% of SMBs do not have a fully deployed PAM solution despite 78% citing its importance to cybersecurity
62% of SMBs do not conduct a security audit at least once a year - and 14% never conduct an audit at all
57% of SMBs indicated they have experienced a phishing attack in the last three years
47% of SMBs allow end users to reuse passwords across personal and professional accounts

(Source: Devolutions' State of Cybersecurity in SMBs in 2020)

Acronis

31% of companies around the world are attacked at least once a day. India reported significantly more attacks per day than any other country, followed by the US and the UAE. 9% of all companies are targeted by cyberattacks at least once an hour. Exactly 50% of all respondents report encountering a cyberattack at least once a week during the past three months.
72% of global organizations have seen their IT costs increased during the pandemic. Only 1 out of 5 companies managed to relocate funds and keep its IT costs unchanged. Companies in the US, Singapore, South Africa, India, and the UAE reported the most significant IT cost increases, followed by Germany, the Netherlands, and Sweden.
35% of companies reported more new devices connecting to their corporate network in the past three months, 36% report having the same number of new devices on their corporate network, and 29% reported having fewer new devices - most likely caused by layoffs. Countries with the most new devices added to their corporate networks: the US, India, Singapore, and Sweden are all significantly ahead of the world, by up to 30%.
Only 12% of global employees chose full office work as an ideal work arrangement. A new normal will likely emerge. Among the 15% favoring full remote work, there are the following country-level outliers: the US - 26%, South Africa - 25%.

(Source: Acronis Cyber Readiness Report 2020)